How to Configure Extended Access List on Router

In the previous post, we discussed the basics of IP access lists (ACLs) and how to configure standard access lists. In this post, we will explain how to configure an Extended Access List on Cisco routers. If you have any questions about the concept of Extended ACLs, please visit the following link before you start configuring one.

If the preceding syntax does not help you, let’s have a look at the following syntax in detail.

The following figure shows the syntax to select the action, protocol, and source address.

The following figure shows the syntax to select the destination address and packet filter method.

The following figure shows the syntax to select the port number.

Steps to Configure Extended ACL

Once you are familiar with the syntax used to configure an Extended ACL, let’s begin the configuration. To configure an Extended ACL, we will use the following network topology. In this example, we will deny host 10.0.0.2 access to the Web server (20.0.0.2). To do so, we need to filter the IP traffic carrying HTTP packets that comes from host 10.0.0.2.

We assume that you are already familiar with how to configure TCP/IP settings and how to configure routing. If you have any problems configuring the TCP/IP settings or a routing protocol (such as RIP) for the preceding topology, the following links may help you.

Once you have applied the ACL to the desired interface (in this case fa0/1), you can view the configured access lists by executing the following command.

Router2#show ip access-lists

The following figure shows how to configure an extended ACL on a Cisco router.
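The configuration this section describes, written out as an added example (it is not the original post's figure). The ACL number 100 and the outbound direction on fa0/1 are assumptions: any number in the extended range 100-199 works, and the direction depends on whether fa0/1 faces the Web server (out) or receives the traffic from 10.0.0.2 (in).

```cisco
! Added example. Assumptions: ACL number 100, and fa0/1 is Router2's
! interface facing the Web server network (hence "out").
Router2#configure terminal
! Deny HTTP (TCP port 80) from host 10.0.0.2 to the Web server 20.0.0.2.
Router2(config)#access-list 100 deny tcp host 10.0.0.2 host 20.0.0.2 eq 80
! Every ACL ends with an implicit "deny ip any any". Permit the rest
! explicitly so that PC2 and all non-HTTP traffic still pass.
Router2(config)#access-list 100 permit ip any any
! Bind the list to the interface; an ACL filters nothing until applied.
Router2(config)#interface fa0/1
Router2(config-if)#ip access-group 100 out
Router2(config-if)#end
! List the entries, then confirm which ACL is bound in which direction.
Router2#show ip access-lists 100
Router2#show ip interface fa0/1
```

Entries are evaluated top-down and the first match wins, so the deny line must come before the permit line. Without the permit line, the implicit deny would drop all traffic crossing fa0/1 in that direction, including PC2's.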

Verify Access Control List Configuration

To verify your configuration, open the Web browser on PC1, type http://20.0.0.2, and press Enter. You should not be able to access the Web server as shown in the following figure.

Now move on to PC2 and try to access the Web server. This time, you should be able to access it.

That’s all you need to know to configure an Extended ACL on a Cisco router. In this post, we have learned how to configure an Extended ACL on Cisco routers using the numbered method. In the next posts, we will learn how to configure an Extended ACL using the named ACL method.